package com.l.spring_security.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

//AOP:拦截
@EnableWebSecurity
public class MySpringSecurity extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        //授权
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/vip1/**").hasRole("vip1")
                .antMatchers("/vip2/**").hasRole("vip2")
                .antMatchers("/vip3/**").hasRole("vip3");
        //没有权限进入登录
        http.formLogin()
//        .usernameParameter("uname")//可以指定账号 默认 username
//        .passwordParameter("pwd")//可以指定密码 password
//        .loginPage()  //设置登录页面面
//        .loginProcessingUrl() //设置登录请求，即controller
        ;

        //设置登出成功后路径（默认进登录）
        http.logout()
                .logoutSuccessUrl("/");

        //设置remember me(cookie实现)
        http.rememberMe()
//        .rememberMeParameter("remember")//可以指定参数名称 默认 remember-me
        ;
    }
       //认证
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        //密码必须加密
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("auth_v1").password(new BCryptPasswordEncoder().encode("123")).roles("vip1")
                .and()
                .withUser("auth_v2").password(new BCryptPasswordEncoder().encode("123")).roles("vip1", "vip2")
                .and()
                .withUser("auth_v3").password(new BCryptPasswordEncoder().encode("123")).roles("vip1", "vip2", "vip3")
        ;

    }
}
